lldb ...

Lawrence Velázquez larryv at macports.org
Fri Sep 9 06:54:49 PDT 2016


> On Sep 9, 2016, at 6:00 AM, Rainer Müller <raimue at macports.org> wrote:
> 
>> On 2016-09-09 03:38, Jeremy Sequoia wrote:
>> You are describing a system to automatically create and automatically
>> trust a code signing certificate that contains a private key in a file
>> on disk that is not encrypted with a passphrase and only depends on file
>> system ACLs to protect it.
>> 
>> That is trivially insecure and attack-prone.
> 
> Adding trust for an additional certificate also only relies on the
> filesystem permissions. If I get root write access to System.keychain, I
> can add my own certificate.
> 
> If we add a trusted certificate to System.keychain and the corresponding
> private key is only accessible by root, that would still be the same
> level of security in my opinion.

If the private key isn't encrypted, doesn't that basically eliminate the cryptographic security? At that point we're just relying on the OS to maintain access control.

vq
Sent from my iPhone


